44 lines
1.1 KiB
Nix
44 lines
1.1 KiB
Nix
|
{ config, pkgs, ... }:
|
||
|
|
|
||
|
|
let
|
||
|
|
pinentry =
|
||
|
|
"${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac";
|
||
|
|
|
||
|
|
in {
|
||
|
|
home.packages = [ pkgs.gnupg pkgs.pinentry_mac ];
|
||
|
|
|
||
|
|
home.file.".gnupg/gpg-agent.conf".text = ''
|
||
|
|
enable-ssh-support
|
||
|
|
default-cache-ttl 60
|
||
|
|
max-cache-ttl 120
|
||
|
|
display :0
|
||
|
|
pinentry-program ${pinentry}
|
||
|
|
log-file ${config.home.homeDirectory}/.local/var/log/gpg-agent.log
|
||
|
|
'';
|
||
|
|
|
||
|
|
home.file.".gnupg/gpg.conf".text = ''
|
||
|
|
personal-cipher-preferences AES256 AES192 AES
|
||
|
|
personal-digest-preferences SHA512 SHA384 SHA256
|
||
|
|
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
|
||
|
|
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
|
||
|
|
cert-digest-algo SHA512
|
||
|
|
s2k-digest-algo SHA512
|
||
|
|
s2k-cipher-algo AES256
|
||
|
|
charset utf-8
|
||
|
|
fixed-list-mode
|
||
|
|
no-comments
|
||
|
|
no-emit-version
|
||
|
|
keyid-format 0xlong
|
||
|
|
list-options show-uid-validity
|
||
|
|
verify-options show-uid-validity
|
||
|
|
with-fingerprint
|
||
|
|
require-cross-certification
|
||
|
|
use-agent
|
||
|
|
'';
|
||
|
|
|
||
|
|
home.file.".gnupg/scdaemon.conf".text = ''
|
||
|
|
disable-ccid
|
||
|
|
reader-port "Yubico YubiKey OTP+FIDO+CCID"
|
||
|
|
'';
|
||
|
|
}
|